diff options
author | Brett Profitt <brett.profitt@gmail.com> | 2013-01-08 09:20:28 -0800 |
---|---|---|
committer | Brett Profitt <brett.profitt@gmail.com> | 2013-01-08 09:20:28 -0800 |
commit | 9e39faf46be715df29138742d1da12b49c31c9d5 (patch) | |
tree | ec6a1b3b0c805d35e05caef040c3d71a210f5081 /engine/classes | |
parent | 2640c73760721f0c93043a7dfe1540907aa95452 (diff) | |
parent | ecc7c01cd8d0ac111767f22e935c81cc908e51c7 (diff) | |
download | elgg-9e39faf46be715df29138742d1da12b49c31c9d5.tar.gz elgg-9e39faf46be715df29138742d1da12b49c31c9d5.tar.bz2 |
Merge pull request #412 from Srokap/filestore_loose_owner_control
Don't let owner visibility prevent access to otherwise visible files. (Grabbing owner guid instead of owner entity to build file matrix in getFilenameOnFilestore())
Diffstat (limited to 'engine/classes')
-rw-r--r-- | engine/classes/ElggDiskFilestore.php | 10 |
1 files changed, 5 insertions, 5 deletions
diff --git a/engine/classes/ElggDiskFilestore.php b/engine/classes/ElggDiskFilestore.php index f00376481..7aace43ba 100644 --- a/engine/classes/ElggDiskFilestore.php +++ b/engine/classes/ElggDiskFilestore.php @@ -200,18 +200,18 @@ class ElggDiskFilestore extends ElggFilestore { * @return string The full path of where the file is stored */ public function getFilenameOnFilestore(ElggFile $file) { - $owner = $file->getOwnerEntity(); - if (!$owner) { - $owner = elgg_get_logged_in_user_entity(); + $owner_guid = $file->getOwnerGuid(); + if (!$owner_guid) { + $owner_guid = elgg_get_logged_in_user_guid(); } - if (!$owner) { + if (!$owner_guid) { $msg = elgg_echo('InvalidParameterException:MissingOwner', array($file->getFilename(), $file->guid)); throw new InvalidParameterException($msg); } - return $this->dir_root . $this->makefileMatrix($owner->guid) . $file->getFilename(); + return $this->dir_root . $this->makefileMatrix($owner_guid) . $file->getFilename(); } /** |